The test was made on 01-21 June 2008, using Windows XP Professional SP2 on a P4 3200 Mhz, 2048MB DDRAM.
All programs tested had the latest versions, upgrades and updates and they were tested using their full scanning capabilities e.g. heuristics, full scan etc.
The default settings of each program were not used, in order for each program to achieve its maximum detection rate. Because of this, there is a possibility for the tested programs to detect a few false positives.
All programs were updated on 31 May 2008, between 09.00AM and 12.00PM GMT.
The 246705 virus samples were chosen using VS2000 according to Kaspersky, F-Prot, Nod32, Dr.Web, BitDefender and McAfee antivirus programs. Each virus sample was unique by virus name, meaning that AT LEAST 1 antivirus program detected it as a new virus.
MS-DOS based virus samples were not used.
ALL virus samples were unpacked and the only samples that were kept were the ones that were packed using external-dos-packers (that means not winzip, winrar, winace etc).
The virus samples had the correct file extension using a special program (Renexts) and were unique, according to checksum32 filesize.
Most "fake" virus samples were removed, as well as "garbage" files.
The program PER was not tested because there was no english demo version available.
The programs Command and Extendia AVK were not tested because there was no demo version available.
Thorough mode was not used in VBA32 due to extremely slow scan process.
The program A-Squared Anti-Malware is anti-trojan/anti-spyware program, not antivirus program.
The program F-Prot was tested using its command line scanner (options fpscan j:\avtest\trobo /adware /applications /output=fpscan_report.log /streams /maxdepth=4 /heurlevel=4) because its GUI kept crashing.
The programs Kingsoft and ZondexGuard were not tested because they could not be updated.
The programs Windows Live OneCare , BKAV and MoonSecureAV kept crashing while scanning the samples.
The program AntiVir is now called Avira AntiVir.
The program Fire uses the exact same engine as Solo.
The program Vexira uses the exact same engine as VirusBuster.
The program BullGuard uses the exact same engine as BitDefender free edition.
The program Avast Professional uses the exact same engine as Avast free edition.
The program AVG Pro uses the exact same engine as AVG Antivirus free edition PLUS the rootkit detection.
The program A-squared Anti-Malware Professional uses the exact same engine as A-squared free edition.
InVircible did not include a "typical" scanner-function and could not be tested.
V-Catch checks only mail accounts and could not be tested.
DOS-Based scanners were not tested.
The following file types were used.
SH, ELF, COM, EXE, PL, BAT, PRC, DOC, XLS, BIN, MDB, IMG, PPT, VBS, MSG, VBA, OLE, HTM, INI, SMM, TD0, REG, CLASS, HTA, JS, VI_, URL, PHP, WMF, HLP, XML, SCR, PIF, SHS, WBT, CSC, MAC, DAT, CLS, STI, INF, HQX, XMI, SIT.
The virus samples were divided into these categories, according to the type of the virus :
File = BeOS, FreeBSD, Linux, Mac, Palm, OS2, Unix, BinaryImage, BAS viruses, MenuetOS.
Windows = Win.*.* viruses.
Macro = Macro, Multi and Formula viruses.
Malware = Adware, DoS, Constructors, Exploit, Flooders, Nukers, Sniffers, SpamTools, Spoofers, Virus Construction Tools, Droppers, PolyEngines, Rootkits, Packed.
Script = ABAP, BAT, Corel, HTML, Java, Scripts, MSH, VBS, WBS, Worms, PHP, Perl, Ruby, Python, WHS, TSQL, ASP, SAP, QNX, Matlab viruses.
Trojans-Backdoors = Trojan and Backdoor viruses.